Two college students develop the next great software, catching the attention of a technology giant that offers the young men a lucrative deal for their start-up.

Lo and behold, several blocks of source code within the start-up’s software resemble code from one of the giant’s main competitors, which then sues for patent infringement.

Welcome to the world of risks that litter the landscape of technology company mergers and acquisitions.

“The biggest risk is that the small company may not actually have the rights to the intellectual property that they’re selling,” said Peter Beresford, a senior vice president within Marsh’s Private Equity and M&A Services group in San Francisco.

“The buyer needs to make sure they have these rights before the transaction is closed, and not find out six months later that they are infringing on somebody else’s patents and end up paying a lot of royalties.”

Those issues are not always easy for a tech company buyer to catch during due diligence, as the process is vastly different from other transactions  —  say, a real estate deal, said Kate Sampson, a managing director with Marsh in San Francisco.

“The biggest challenge tech companies face is that so much of what they are buying is not very tangible, and they just never know for sure if the seller has the rights,” Sampson said.

Tech companies can buy transactional risk insurance, which includes products like representations and warranties insurance, Beresford said.

To the extent that the seller has represented and warranted that it has clear title to all of the intellectual property it is selling, and assuming the buyer has done sufficient due diligence to uncover any issues, the carrier will indemnify the buyer for losses incurred as a result of the breach of the warranty.

Reps and warranties are very important, but what gives them teeth is the indemnity, said Jeff Cowhey, president of Ambridge Partners, a managing general underwriter on behalf of a variety of insurers and underwriters, including CNA and Lloyd’s of London.

“Insurance to the buyer gives them $100 now if the seller makes the rep now, and some time later if all goes well, they will give them another $100 in escrow.

“In that regard,” he said, “the benefit of an insurance policy is arguably less about transfer of risk and more about facilitating a deal.”

Ambridge typically stress-tests a buyer’s due diligence process, to determine whether a seller’s representations are inaccurate or outright false, he said.

For example, the underwriter will search legal databases to check whether a seller was accurate in its representation that it was not involved in any pending lawsuit.

Ambridge also conducts conference calls with the insureds, to review purchase agreements and gauge the quality of the due diligence process.

The underwriter also offers tax insurance for tech M&A deals, to protect the buyer if the seller takes an incorrect tax position that is later disallowed by tax authorities or other regulators, Cowhey said.

Matt Mueller, president of Berkley Technology Underwriters in Minneapolis, said the best customers invite the underwriter to participate in discussions prior to making an acquisition.

“Having that discussion before an acquisition is very important, to make sure there are no surprises,” Mueller said.

“We can assist buyers to make sure there are no exclusions when comparing what exposures the newly acquired operation may present.”

Merging Liabilities

A concern for companies buying companies that have been in business for some time is making sure all their products  —  old and new  —  are covered appropriately, he said.

“For example, a currentaircraft exclusion won’t be of much help to a firm that is buying a company that makes electronic sensors used in aircraft,” Mueller said.

“So we help buyers understand how new sets of product liability exposures fit into their current programs.”

Buyers might be acquiring liabilities from sellers that were insured 10 years ago, but the insuring carrier may no longer exist, he said.

“Is the acquiring firm prepared to take on that old liability under their current program?” he asked.

“More importantly, is their current carrier willing to do so? It should not be left to happenstance to determine.”

In reviewing proposed private equity deals for tech companies, brokers should look for product liability exposure, which can be a significant drain, said Sam Babington, senior managing director, Private Equity, at Arthur J. Gallagher Risk Management Services Inc., in Norwalk, Conn.

“For example, one target company had developed a drug procedure to help stabilize Parkinson’s disease,” Babington said.

“It was very risky and there were a lot of patent and clinical trial issues. As a result, we had to protect the private equity firm from people who sued because something went wrong, such as a bad reaction to the drug.”

However, Babington is not a big proponent of reps and warranties insurance, feeling that it is overly broad.

He prefers specific policies such as an environmental policy to cover specific representations being made on conditions such as environmental mitigation and product liability.

Contractual Exposure

One of the biggest exposures in the area of technology mergers and acquisitions is when there is a differential between a buyer’s and seller’s contractual terms in their interactions with clients, said Oliver Brew, vice president of Professional Liability for Liberty International Underwriters in New York.

“When large companies in particular buy smaller companies, the smaller ones tend to have less clout in negotiating their contract positions with clients, so it’s not unusual for smaller companies to have terms that are more flexible or favorable to their clients than larger companies’ terms for their clients,” Brew said.

“That differential in contract terms can lead to more onerous obligations on the buyer post-M&A.”

For instance, smaller tech companies may have accepted fewer limitations of their liability from their clients, he said.

If something goes wrong with their software or service, then they might have negotiated that they are liable for a multiple value of the software or services, to pay for the cost to fix the problem for the client.

But a larger company typically has the clout to say they are only liable for up to the value of the contract  —  if at all  —  and there could be a disconnect between the exposures in their client contracts.

A buyer can review the contracts to determine whether they can change the contracts midterm, to enable the buyer to switch out the target company’s contracts for the buyer’s standard contract, or try to renegotiate with the target company’s client to get them to move to a new form of contract with a less onerous limitations of liability clause, Brew said.

Another issue in the increasing occurrence of objections being made to mergers and acquisitions. They have become commonplace, as plaintiffs’ attorneys have found them to be profitable, said Glen Bailey, managing director of the Executive Liability practice at Beecher Carlson in Atlanta.

When a company announces an acquisition of another publicly traded company with a transaction value over $100 million, it’s almost certain there will be a shareholder lawsuit alleging that directors acted negligently in negotiating and accepting the transaction price or failed to properly disclose full details of the transaction  —  even if the directors acted in the most prudent manner, Bailey said.

Large tech companies are seeing an increase in these types of lawsuits, as consolidation in the industry increases, he said.

As a result, many underwriters are introducing higher retention levels, specific to merger objection claims.

Because of this, tech companies are forced to assume more risk. The retention level is driven by the marketplace and is typically based on a company’s market capitalization.

Most merger objection claim retentions start at $500,000. For companies with a market capitalization in excess of $1 billion, merger objection claim retentions can be $1 million or more.

Covering Cybergaps

Tech companies or private equity companies face cyberrisk if sellers don’t have the proper security measures, said Mark Rusas, executive vice president, Mergers & Acquisitions global practice leader, Willis North America in New York.

“We want to make sure tech companies and chief information officers have taken the appropriate steps to mitigate this risk by taking precautionary measures to protect that information,” Rusas said.

“They may be able to control that risk through certain protocols. For example, they can refuse login attempts from foreign countries.”

Moreover, buyers need to understand how cyberexposures can impact the deal price, future compliance costs and potential financial losses, particularly from data breaches  —  including at the hands of vendors.

Rusas often recommends that buyers purchase network security or cyberliability insurance, but not always.

“Those responsible for network security including chief information officers may communicate that they have executed all the necessary controls and safeguards, thereby eliminating the need for insurance,” he said.

There is some cyberliability associated with “rogue activity” by employees of the selling company who believe they will lose their jobs after the merger integration is complete, said Adam Cottini, area vice president, Cyber, at Arthur J. Gallagher Risk Management Services Inc., in New York.

Moreover, basic technology integration mishaps can result in the release of confidential information or open the network to unexpected intrusions.

“An acquirer can put controls in place to minimize data and technology integration risk, but the acquirer has to effectively make sure their organization and employees will follow protocol and management will properly oversee the process,” Cottini said.

“But at the end of the day, procedures are more difficult to implement and controls are that much harder to manage during an M&A transaction.”

A cyberinsurance policy can afford valuable financial protection from the heightened level of cyberrisk posed by technology integration and ultimately provide a very valuable backstop to the acquirers’ balance sheet, he said.

Culture Shifts

There is an additional risk of employee-related claims, particularly from CEOs of fast-growing businesses that are bought by larger companies, who are then slotted into the organizations at a level or reporting chain that may be seen as beneath them, said Mark Arian, executive vice president and global leader, Aon Merger & Acquisition Solutions at Aon Hewitt in New York.

“They are not used to a much more controlled environment, with financial controls that can be overwhelming to a former CEO of a high-flying small entity,” Arian said.

“They also may have never worked at a public company that has to comply with Sarbanes-Oxley and other onerous corporate governance requirements.”

Arian and his team try to help heighten clients’ understanding of these relationships and challenges, suggesting ways to mentor such employees.

They also help clients figure out how to reward people who used to be rewarded for entrepreneurialism, by tying “earnouts” to increased shareholder value.

An earnout is a contractual provision in a purchase agreement that details the amount of future compensation a seller is to receive based on the performance of the business.

But if the acquiring firm only wants the former CEO for a certain period of time, then excessively rewarding the person based on the company’s performance even after that person leaves can put a drag on the acquirer’s future earnings.

“Earnouts are a dangerous game if not carefully constructed, as an acquirer can have negative margins,” Arian says.